In this recipe, you create tag categories and tags for your network. By applying these tags to different devices, interfaces, and addresses, you identify the location and function of each part of your Security Fabric and increase network visibility.
This recipe is in the Fortinet Security Fabric Collection. You can also use it as a standalone recipe.
1. Creating tag categories and tags
In this example, you use tags to identify the following things about devices in the Security Fabric:
To create the tag category for physical location, connect to Edge and go to System > Tags. Set Tag Category to Location. Because each device in the network can only have one location, disable Allow multiple tag selection. Add Tags for the first floor, second floor, and third floor. Under Tag Scope, set Device to Mandatory.
For the department tag, enable Allow multiple tag selection. Add Tags for the following departments: Accounting, Marketing, Sales, and Admin. Under Tag Scope, set Interface to Mandatory and set Device to Mandatory. Because the FortiGate configuration includes default addresses, set Address to Optional.
For the network administrators tag, enable Allow multiple tag selection. Add Tags for Robert and Lisa. Under Tag Scope, set Device to Mandatory.
Because the configuration of tag categories and tags isn’t synchronized across the Security Fabric, you must connect to each FortiGate device separately and add the appropriate tags for the part of your network that uses that FortiGate.
Connect to Accounting and repeat the previous steps to create the tags that are shown.
2. Applying tags to devices, interfaces, and addresses
To apply tags to devices in your network, go to User & Device > Device Inventory. Edit the Accounting FortiGate. Under Tags, add the following tags:
Edit all other devices listed and apply the appropriate tags for department, location, and administrators.
To apply tags to interfaces in your network, go to Network > Interfaces. Edit the interface that connects Edge and Accounting (in the example, port10). Under Tags, set Department to Accounting.
Edit all other interfaces and apply the appropriate tag for department.
To apply tags to addresses in your network, go to Policy & Objects > Addresses. Edit the address for the Accounting subnet. Under Tags, set Department to Accounting.
Edit all other addresses and apply the appropriate tag for department.
To apply tags to devices on the Accounting network, connect to Accounting and go to User & Device > Device Inventory. Edit a computer on this network. Under Tags, add the following tags:
Apply the appropriate tags to other devices, interfaces, and addresses on this network.
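The tag scope rules from steps 1 and 2 can be checked offline against an inventory, and category definitions can be compared between FortiGates, because they are not synchronized across the Security Fabric. The following Python script is an added example, not Fortinet code: the category name Administrators, the tag spellings, and the inventory records are assumptions constructed for illustration.

```python
# Added example: models the tag scope rules from this recipe; not FortiOS code.
# Tag spellings and the "Administrators" category name are assumptions.
CATEGORIES = {
    "Location": {"multiple": False, "tags": {"First Floor", "Second Floor", "Third Floor"},
                 "scope": {"device": "mandatory"}},
    "Department": {"multiple": True, "tags": {"Accounting", "Marketing", "Sales", "Admin"},
                   "scope": {"device": "mandatory", "interface": "mandatory",
                             "address": "optional"}},
    "Administrators": {"multiple": True, "tags": {"Robert", "Lisa"},
                       "scope": {"device": "mandatory"}},
}

def check_object(obj, categories=CATEGORIES):
    """Return findings for one object: {'name', 'type', 'tags': {category: [tags]}}."""
    findings = []
    for cat, rule in categories.items():
        scope = rule["scope"].get(obj["type"])  # None: category not offered for this type
        chosen = obj["tags"].get(cat, [])
        if scope is None:
            if chosen:
                findings.append(f"{obj['name']}: {cat} is out of scope for {obj['type']}")
            continue
        if scope == "mandatory" and not chosen:
            findings.append(f"{obj['name']}: missing mandatory {cat} tag")
        if len(chosen) > 1 and not rule["multiple"]:
            findings.append(f"{obj['name']}: {cat} allows only one tag")
        for tag in chosen:
            if tag not in rule["tags"]:
                findings.append(f"{obj['name']}: unknown {cat} tag {tag!r}")
    return findings

def category_drift(reference, other):
    """Categories whose definition on another FortiGate differs from the reference one."""
    return sorted(c for c in reference.keys() | other.keys()
                  if reference.get(c) != other.get(c))

# Constructed sample inventory (not taken from a real device export).
INVENTORY = [
    {"name": "Accounting", "type": "device",
     "tags": {"Location": ["Second Floor"], "Department": ["Accounting"],
              "Administrators": ["Robert", "Lisa"]}},
    {"name": "port10", "type": "interface", "tags": {}},
    {"name": "Accounting subnet", "type": "address", "tags": {}},
    {"name": "PC-17", "type": "device",
     "tags": {"Location": ["First Floor", "Third Floor"], "Department": ["Finance"]}},
]

if __name__ == "__main__":
    for obj in INVENTORY:
        for finding in check_object(obj):
            print(finding)
```

Untagged or mis-tagged objects do not appear in a Logical Topology tag search, so a check like this shows which objects would be missed.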
4. Results
To sort devices and interfaces by tags, connect to Edge and go to Security Fabric > Logical Topology. In the Search field, enter Robert. The devices that have the Robert tag are highlighted.
To view more information about a highlighted device, including tags, hover over that device in the topology. The Robert tag is highlighted.
The post Tags in the Fortinet Security Fabric appeared first on Fortinet Cookbook.